Description
I don't think it's clear from the docs whether lldap can support multiple vhosts and per-vhost admins. From what I've tested so far, I believe:
- it's possible to create users on different domains by using the same key for username and email fields (this way you can have 2 accounts `contact@foo.com` and `contact@foo.net`, whereas you could not have two accounts called `contact`)
- it's not possible to create multiple bases on LDAP side (`ou=people,dc=foo,dc=net` and `ou=people,dc=foo,dc=com`) unless running multiple instances of lldap
- it's not possible to have custom permissions for a group, for example allow a group to add/edit/delete accounts matching a regex (e.g. `.*@foo.net$`)
This is a personal belief based on quick testing. Please correct this information with actual knowledge of the way lldap operates 😄. I understand that lldap tries to stay minimalist and that's what brought me here. I believe however the answer to these questions should be added to the docs/FAQ.
Why it's important to me: as a member of several hosting non-profits, we try to provide reliable service to different collectives, each having their own vhost. We've been investigating replacing different existing stacks based on slapd, moulinette, or PAM (yes, with /etc/passwd integration) with a more modern/maintainable alternative. It's not a problem to run one service per vhost (although having proper vhost support in lldap would be easier) but I could not find documentation about this in the lldap docs.